diff --git a/.cvsignore b/.cvsignore index fb7870a..1927067 100644 --- a/.cvsignore +++ b/.cvsignore @@ -120,3 +120,4 @@ serefpolicy-2.6.4.tgz serefpolicy-2.6.5.tgz serefpolicy-3.0.1.tgz serefpolicy-3.0.2.tgz +serefpolicy-3.0.3.tgz diff --git a/policy-20070703.patch b/policy-20070703.patch index 28b6e35..3162c92 100644 --- a/policy-20070703.patch +++ b/policy-20070703.patch @@ -5536,16 +5536,25 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.0.3/policy/modules/services/ntp.te --- nsaserefpolicy/policy/modules/services/ntp.te 2007-07-03 07:06:27.000000000 -0400 -+++ serefpolicy-3.0.3/policy/modules/services/ntp.te 2007-07-19 09:24:25.000000000 -0400 -@@ -40,6 +40,7 @@ ++++ serefpolicy-3.0.3/policy/modules/services/ntp.te 2007-07-19 10:44:14.000000000 -0400 +@@ -36,6 +36,7 @@ + dontaudit ntpd_t self:capability { net_admin sys_tty_config fsetid sys_nice }; + allow ntpd_t self:process { signal_perms setcap setsched setrlimit }; + allow ntpd_t self:fifo_file { read write getattr }; ++allow ntpd_t self:shm create_shm_perms; + allow ntpd_t self:unix_dgram_socket create_socket_perms; allow ntpd_t self:unix_stream_socket create_socket_perms; allow ntpd_t self:tcp_socket create_stream_socket_perms; - allow ntpd_t self:udp_socket create_socket_perms; -+allow ntpd_t self:shm create_shm_perms; +@@ -82,6 +83,8 @@ + + fs_getattr_all_fs(ntpd_t) + fs_search_auto_mountpoints(ntpd_t) ++# Necessary to communicate with gpsd devices ++fs_rw_tmpfs_files(ntpd_t) - manage_files_pattern(ntpd_t,ntp_drift_t,ntp_drift_t) + auth_use_nsswitch(ntpd_t) -@@ -107,6 +108,8 @@ +@@ -107,6 +110,8 @@ sysnet_read_config(ntpd_t) @@ -5554,7 +5563,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp. userdom_dontaudit_use_unpriv_user_fds(ntpd_t) userdom_list_sysadm_home_dirs(ntpd_t) userdom_dontaudit_list_sysadm_home_dirs(ntpd_t) -@@ -126,6 +129,10 @@ +@@ -126,9 +131,14 @@ ') optional_policy(` @@ -5565,6 +5574,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp. seutil_sigchld_newrole(ntpd_t) ') + optional_policy(` + udev_read_db(ntpd_t) + ') ++ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.if serefpolicy-3.0.3/policy/modules/services/openvpn.if --- nsaserefpolicy/policy/modules/services/openvpn.if 2007-05-29 14:10:57.000000000 -0400 +++ serefpolicy-3.0.3/policy/modules/services/openvpn.if 2007-07-17 15:46:25.000000000 -0400 diff --git a/selinux-policy.spec b/selinux-policy.spec index 3e2d3f3..6e60eb6 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -16,8 +16,8 @@ %define CHECKPOLICYVER 2.0.3-1 Summary: SELinux policy configuration Name: selinux-policy -Version: 3.0.2 -Release: 8%{?dist} +Version: 3.0.3 +Release: 1%{?dist} License: GPL Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -172,7 +172,7 @@ fi; %description SELinux Reference Policy - modular. -Based off of reference policy: Checked out revision 2348. +Based off of reference policy: Checked out revision 2370. %prep %setup -q -n serefpolicy-%{version} @@ -357,6 +357,9 @@ exit 0 %endif %changelog +* Tue Jul 17 2007 Dan Walsh 3.0.2-9 +- Allow execution of gconf + * Sat Jul 14 2007 Dan Walsh 3.0.2-8 - Fix moilscanner update problem diff --git a/sources b/sources index 4cbcc28..95187b2 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -7487348a6530067125f23316f43ff369 serefpolicy-3.0.2.tgz +af54ae49007f995f1cb9e5d6f5baf8bf serefpolicy-3.0.3.tgz